1. Field of the Invention
The disclosure relates to a method for generating a network attack, and more particularly to a method for generating a cross-site scripting attack.
2. Description of Related Art
A cross-site scripting attack is a website vulnerability attack method which gradually becomes more common in recent years. In 2007, the cross-site scripting attack already becomes one of the top 10 website security vulnerability attack methods. In a web application, a cross-site attack can bypass access control thereof to acquire elevated privileges. These attacks are all caused by incomplete or inaccurate filter functions contained in the web application. Nowadays, even a programmer or a security expert also uses an automatic test tool to find cross-site flaws. Such a tool lacks a variation mechanism to assist the discovery of potential cross-site flaws. A website may allow a user to input a string and also operation of a database system on a server. Therefore, a hacker is capable of inserting a web and a scripting language in fields for inputting characters or character strings on a website to make other users download and execute malicious program codes while viewing a web page or redirect the users to a malicious website, so the users are under network attacks.
Generally a website establishes detection rules for protection against cross-site scripting attacks. However, attack string samples are used to attempt to penetrate a website to test tolerance of a website against cross-site scripting attacks. As the detection rules might be incomplete or be avoided, the number of attack string samples is limited and website vulnerabilities are not necessarily accurately covered, a penetration test with a large amount of automatic attacks is hard to be performed.